Read my writeup to PC macine on:
TL;DR
User: Scanning all ports revealed that port 50051 is open. Enumeration confirmed that the service running on this port is gRPC. Utilized POSTMAN to send requests and discovered a vulnerability in the getInfo method, specifically a SQLite injection. Exploiting this vulnerability allowed to obtain the credentials of the sau user.
Root: During the network analysis, a thorough examination using the netstat command revealed the presence of a local port 8000 which was identified as the hosting point for pyLoad. Through the establishment of a secure tunnel to this port, an exploit known as CVE-2023-0297 was employed to successfully gain remote code execution (RCE) privileges with root access.
1 post - 1 participant